login.defs: remove vars ignored by su(1)
@@ -2,12 +2,14 @@ From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
|
||||
Date: Sun, 7 Jul 2024 14:06:39 +0200
|
||||
Subject: Adapt login.defs for Debian
|
||||
|
||||
Remove settings only applicable to shadow's su, which we do not use.
|
||||
Remove settings only applicable without PAM support enabled.
|
||||
---
|
||||
etc/login.defs | 410 +++++++++++++++------------------------------------------
|
||||
1 file changed, 104 insertions(+), 306 deletions(-)
|
||||
etc/login.defs | 420 ++++++++++++++-------------------------------------------
|
||||
1 file changed, 99 insertions(+), 321 deletions(-)
|
||||
|
||||
diff --git a/etc/login.defs b/etc/login.defs
|
||||
index 33622c2..b0086db 100644
|
||||
index 33622c2..9711ad1 100644
|
||||
--- a/etc/login.defs
|
||||
+++ b/etc/login.defs
|
||||
@@ -1,24 +1,38 @@
|
||||
@@ -66,10 +68,11 @@ index 33622c2..b0086db 100644
|
||||
LOG_UNKFAIL_ENAB no
|
||||
|
||||
#
|
||||
@@ -27,109 +41,31 @@ LOG_UNKFAIL_ENAB no
|
||||
@@ -26,110 +40,12 @@ LOG_UNKFAIL_ENAB no
|
||||
#
|
||||
LOG_OK_LOGINS no
|
||||
|
||||
#
|
||||
-#
|
||||
-# Enable logging and display of /var/log/lastlog login(1) time info.
|
||||
-#
|
||||
-LASTLOG_ENAB yes
|
||||
@@ -109,13 +112,11 @@ index 33622c2..b0086db 100644
|
||||
-#
|
||||
-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
|
||||
-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
|
||||
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
|
||||
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
|
||||
#
|
||||
SYSLOG_SU_ENAB yes
|
||||
SYSLOG_SG_ENAB yes
|
||||
|
||||
#
|
||||
-#
|
||||
-SYSLOG_SU_ENAB yes
|
||||
-SYSLOG_SG_ENAB yes
|
||||
-
|
||||
-#
|
||||
-# If defined, either full pathname of a file containing device names or
|
||||
-# a ":" delimited list of device names. Root logins will be allowed only
|
||||
-# from these devices.
|
||||
@@ -125,10 +126,9 @@ index 33622c2..b0086db 100644
|
||||
-
|
||||
-#
|
||||
-# If defined, all su(1) activity is logged to this file.
|
||||
+# If defined, all su activity is logged to this file.
|
||||
#
|
||||
#SULOG_FILE /var/log/sulog
|
||||
|
||||
-#
|
||||
-#SULOG_FILE /var/log/sulog
|
||||
-
|
||||
-#
|
||||
-# If defined, ":" delimited list of "message of the day" files to
|
||||
-# be displayed upon login.
|
||||
@@ -161,16 +161,14 @@ index 33622c2..b0086db 100644
|
||||
-#
|
||||
-NOLOGINS_FILE /etc/nologin
|
||||
-
|
||||
#
|
||||
# If defined, the command name to display when running "su -". For
|
||||
-#
|
||||
-# If defined, the command name to display when running "su -". For
|
||||
-# example, if this is defined as "su" then ps(1) will display the
|
||||
-# command as "-su". If not defined, then ps(1) will display the
|
||||
+# example, if this is defined as "su" then a "ps" will display the
|
||||
+# command is "-su". If not defined, then "ps" would display the
|
||||
# name of the shell actually being run, e.g. something like "-sh".
|
||||
#
|
||||
SU_NAME su
|
||||
|
||||
-# name of the shell actually being run, e.g. something like "-sh".
|
||||
-#
|
||||
-SU_NAME su
|
||||
-
|
||||
-#
|
||||
-# *REQUIRED*
|
||||
-# Directory where mailboxes reside, _or_ name of file, relative to the
|
||||
@@ -182,7 +180,7 @@ index 33622c2..b0086db 100644
|
||||
#
|
||||
# If defined, file which inhibits all the usual chatter during the login
|
||||
# sequence. If a full pathname, then hushed mode will be enabled if the
|
||||
@@ -139,27 +75,12 @@ MAIL_DIR /var/spool/mail
|
||||
@@ -139,27 +55,12 @@ MAIL_DIR /var/spool/mail
|
||||
HUSHLOGIN_FILE .hushlogin
|
||||
#HUSHLOGIN_FILE /etc/hushlogins
|
||||
|
||||
@@ -212,7 +210,7 @@ index 33622c2..b0086db 100644
|
||||
|
||||
#
|
||||
# Terminal permissions
|
||||
@@ -167,11 +88,18 @@ ENV_PATH PATH=/bin:/usr/bin
|
||||
@@ -167,11 +68,18 @@ ENV_PATH PATH=/bin:/usr/bin
|
||||
# TTYGROUP Login tty will be assigned this group ownership.
|
||||
# TTYPERM Login tty will be set to this permission.
|
||||
#
|
||||
@@ -235,7 +233,7 @@ index 33622c2..b0086db 100644
|
||||
TTYGROUP tty
|
||||
TTYPERM 0600
|
||||
|
||||
@@ -180,113 +108,68 @@ TTYPERM 0600
|
||||
@@ -180,113 +88,68 @@ TTYPERM 0600
|
||||
#
|
||||
# ERASECHAR Terminal ERASE character ('\010' = backspace).
|
||||
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
|
||||
@@ -362,7 +360,7 @@ index 33622c2..b0086db 100644
|
||||
# any combination of letters "frwh" (full name, room number, work
|
||||
# phone, home phone). If not defined, no changes are allowed.
|
||||
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
|
||||
@@ -294,104 +177,73 @@ CHFN_AUTH yes
|
||||
@@ -294,104 +157,73 @@ CHFN_AUTH yes
|
||||
CHFN_RESTRICT rwh
|
||||
|
||||
#
|
||||
@@ -507,7 +505,7 @@ index 33622c2..b0086db 100644
|
||||
|
||||
#
|
||||
# The pwck(8) utility emits a warning for any system account with a home
|
||||
@@ -401,67 +253,12 @@ DEFAULT_HOME yes
|
||||
@@ -401,67 +233,12 @@ DEFAULT_HOME yes
|
||||
#
|
||||
NONEXISTENT /nonexistent
|
||||
|
||||
@@ -575,7 +573,7 @@ index 33622c2..b0086db 100644
|
||||
#
|
||||
# Select the HMAC cryptography algorithm.
|
||||
# Used in pam_timestamp module to calculate the keyed-hash message
|
||||
@@ -471,3 +268,4 @@ PREVENT_NO_AUTH superuser
|
||||
@@ -471,3 +248,4 @@ PREVENT_NO_AUTH superuser
|
||||
# that are available in your system.
|
||||
#
|
||||
#HMAC_CRYPTO_ALGO SHA512
|
||||
|
||||
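Review bot: `SYSLOG_SG_ENAB yes` appears to be removed together with `SYSLOG_SU_ENAB yes` in the inner hunk that starts at `-SYSLOG_SU_ENAB yes`, but the comment quoted in this same patch says it covers newgrp(1) and sg(1), not su(1), so it does not fit the commit title "remove vars ignored by su(1)". The rendered page has lost the outer `+`/`-` column, so attributing the removal to the new side is inferred from the diffstat growing from 306 to 321 deletions. If this package still ships newgrp and sg from shadow, and they treat a missing key as disabled, group-switch events would stop reaching syslog, which weakens the audit trail; please confirm the compiled-in default. I would keep the setting under its own comment, `# Enable "syslog" logging of newgrp(1) and sg(1) activity.` followed by `SYSLOG_SG_ENAB yes`, or state in the patch description that dropping sg/newgrp logging is intentional.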